Securely Configuring LenovoEMC NAS Devices
Lenovo Security Advisory: LEN-11575
Potential Impact: Access to stored data if security settings have not been configured
Scope of Impact: Lenovo-specific
Summary Description:
In light of recent work by a security researcher, Lenovo would like to remind owners of older LenovoEMC consumer Network Attached Storage (NAS) devices of a firmware update issued in 2014 that enables “security by default” for these devices instead of requiring users to manually configure security settings. This firmware update requires users to configure passwords to secure all data. Without such updates, or the owner configuring their devices securely, the devices can be accessed and data can be exposed.
Lenovo highly recommends customers update to the latest firmware version (4.1.102 or later) or enable security on their devices by following the steps at the links below.
These devices were initially developed and sold by Iomega. In 2008, Iomega was acquired by EMC, which formed a joint venture with Lenovo in 2013 and sold these products branded as LenovoEMC. Lenovo implemented the “secure by default” shortly afterward.
Product Impact:
Lenovo EZ Media & Backup Center
There are also three devices that are at end of support from Lenovo. We recommend users of these devices to manually enable access permission for these devices:
Ix4-200d
Ix2-200d
LenovoEMC Home Media
Acknowledgements:
Lenovo thanks Tony Robinson and James Emery-Callcott for reporting this.
References:
NAS Security Best Practices Guidelines: https://download.lenovo.com/lenovoemc/na/en/app/answers/detail/a_id/30391.html
Revision History:
|
Revision |
Date |
Description |
| 3.0 | 30 July 2019 | Added Reference |
| 2.0 | 8 August 2018 | Updated links |
|
1.0 |
21 November 2016 |
Initial release |
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.